> > > 2. Lockout an account for time X after three failed attempts. > > This should be achievable using pam_tally.so but the > > functionality is partly broken and also not much secure (even > > after lockout it can reveal succesfull password break attempt > > to attacker). > > Is anyone aware of an active effort to fix this? Would selinux be a place > to look? I have a patch for this but it has other problems so I didn't add it to the rpm yet. -- Tomas Mraz <tmraz@xxxxxxxxxx> _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
